Fighting fraud is complexExternal sources, including tips, notification by law enforcement, external audits, accidental discovery and confessions are responsible for a higher percentage of detection and higher median losses, than are internal sources and methods, including management review, internal audit, account reconciliation, document examinations, and IT controls. Time to detection ranges from 12 to 36 months.

Current methods are inefficientEven in a backwards-looking forensic mode, current IT controls were found to be the source of the fewest incidents detected. This is a situation that cries out for a technology-based solution.

Related:

Fraud frequency doesn't tally with impactDoing the simple mathematics of frequency multiplied by impact doesn't help much with focus.

Financial statement fraud, for example, is the least common (7.6 per cent) but has the highest median loss ($1,000K; £625.8K), while asset misappropriation has the highest frequency (86.7 per cent) but the lowest median loss ($120K; £75K).

The choice of death-by-severe-trauma or death-by-a-thousand-cuts leads to pretty much the same result.

In the example of the Health Care Fraud and Abuse Control program (HCFAC), under the US Department of Health and Human Services and the US Department of Justice, every $1.00 expended in fighting fraud returned an impressive $7.20 in judgments and settlements.

New strategies for fighting fraud are emergingRapid changes in information technology infrastructure are increasing the difficulty of maintaining high levels of preparedness simultaneously against the full range of threats.

We have been hearing for years how CIOs and senior IT professionals need to bury the hatchet with line of business managers and, instead of focusing on the latest bleeding-edge technology for its own sake, seek to better understand the overall strategic objectives of their organisations.